Package: gnome-keyring Version: 3.34.0-1 Severity: normal Tags: security gnome-keyring makes copious use of MD5. It hashes attributes with it and uses it as an integrity check in the encrypted data. Unfortunately, MD5 is, according to CMU, “cryptographically broken and unsuitable for further use.” It has been known to be insecure since at least 2004.
While it is true that MD5 is not practically vulnerable to preimage attacks, gnome-keyring cannot make assumptions about the data that it may be asked to store and therefore cannot rule out collisions as an attack vector. Additionally, MD5 is so weak and has been for so long that its use is a major cryptographic red flag. gnome-keyring should transition to algorithms which are not broken. SHA-2, SHA-3, and BLAKE2 are all valid options for secure, robust hash algorithms, and BLAKE2 is faster than MD5, in the unlikely situation upstream feels performance is a concern. Moreover, libgcrypt supports all of these options. While the upgrade is taking place, it may be prudent to consider using a MAC (such as HMAC with a suitably secure algorithm) as an integrity check instead of an encrypted hash. This allows the integrity check to occur before any data is decrypted and is in line with best practices that encourage using encrypt-then-mac. -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_WARN Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gnome-keyring depends on: ii dbus-user-session [default-dbus-session-bus] 1.12.16-2 ii dbus-x11 [dbus-session-bus] 1.12.16-2 ii dconf-gsettings-backend [gsettings-backend] 0.34.0-2 ii gcr 3.34.0-1 ii libc6 2.29-9 ii libcap-ng0 0.7.9-2.1+b1 ii libcap2-bin 1:2.27-1 ii libgck-1-0 3.34.0-1 ii libgcr-base-3-1 3.34.0-1 ii libgcrypt20 1.8.5-3 ii libglib2.0-0 2.62.4-1+b1 ii p11-kit 0.23.20-1 ii pinentry-gnome3 1.1.0-3+b1 Versions of packages gnome-keyring recommends: ii gnome-keyring-pkcs11 3.34.0-1 ii libpam-gnome-keyring 3.34.0-1 gnome-keyring suggests no packages. -- no debconf information -- brian m. carlson: Houston, Texas, US OpenPGP: https://keybase.io/bk2204
signature.asc
Description: PGP signature